On 13.09.2011 13:30, Matthias Saou wrote:
Rainer Traut wrote :

I've looked around in docs.redhat.com but found nothing so far.
What's best practice to run standalone tomcat on port 443 without apache
in front?

There are a couple of choices...
like run as root (bad) or iptables in front.
But which is the preferred 'redhat way'?

Between the "good" and "bad" choices, I'm guessing it'll be up to you
to decide. But a bit of common sense should make that easy :-)

And you seem to already know the answer, but just in case :
iptables -t nat -I PREROUTING 1 \
     -p tcp --dport 443 -j REDIRECT --to-ports $my_tomcat_port
service iptables save

This is common practice for just about any standalone tcp server which
isn't started as root and needs to be accessed on a privileged port.

Thx to both of you for your answers.
I'm afraid the iptables cmd did not work... :)

Problem was - we are building a HA two node cluster with floating IP - and the REDIRECT target "changes the destination IP to the primary address of the incoming interface".

This was the case here, so we had to use the DNAT target like this:

iptables -t nat -A PREROUTING -d $TOMCATIP -p tcp --dport 443 -j DNAT --to-destination $TOMCATIP:$TOMCATPORT

But works now, thx!
Rainer

_______________________________________________
rhelv6-list mailing list
https://www.redhat.com/mailman/listinfo/rhelv6-list
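
The REDIRECT-versus-DNAT choice discussed in this thread, as an added example that is not part of the original messages: a sketch that reads `ip -o -4 addr show dev IFACE` output and prints the matching PREROUTING rule. The function names, the sample addresses and the port are hypothetical; it assumes Tomcat is bound to the service IP and that the first IPv4 address listed for the interface is the primary address REDIRECT rewrites to.

```shell
#!/bin/sh
# Added example: choose REDIRECT or DNAT for a service IP.
# Assumption: the first IPv4 address listed for the interface is the
# "primary address" that the REDIRECT target rewrites the destination to.

# primary_addr: read `ip -o -4 addr show dev IFACE` output on stdin,
# print the first IPv4 address without its prefix length.
primary_addr() {
    awk '$3 == "inet" { split($4, a, "/"); print a[1]; exit }'
}

# nat_rule SERVICE_IP SERVICE_PORT: read the same `ip` output on stdin and
# print the PREROUTING rule that delivers port 443 to SERVICE_IP:SERVICE_PORT.
nat_rule() {
    service_ip=$1
    service_port=$2
    primary=$(primary_addr)
    if [ -z "$primary" ]; then
        echo "no IPv4 address found on interface" >&2
        return 1
    fi
    if [ "$service_ip" = "$primary" ]; then
        # REDIRECT rewrites to the primary address, which is the service IP.
        echo "iptables -t nat -A PREROUTING -d $service_ip -p tcp --dport 443 -j REDIRECT --to-ports $service_port"
    else
        # Floating/secondary address: REDIRECT would rewrite to $primary,
        # so pin the destination explicitly with DNAT.
        echo "iptables -t nat -A PREROUTING -d $service_ip -p tcp --dport 443 -j DNAT --to-destination $service_ip:$service_port"
    fi
}

# Constructed sample of `ip -o -4 addr show dev eth0` on the active node:
# 192.0.2.10 is the node's own address, 192.0.2.100 the floating IP.
SAMPLE_ADDRS='2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
2: eth0    inet 192.0.2.100/24 brd 192.0.2.255 scope global secondary eth0'

# Prints the rule only; review it before running it as root.
printf '%s\n' "$SAMPLE_ADDRS" | nat_rule 192.0.2.100 8443
```

On a live node, replace the sample with the real output, for example `ip -o -4 addr show dev eth0 | nat_rule "$TOMCATIP" "$TOMCATPORT"`.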